fce8860a3928ea9eefed052fe6d1f03c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fce8860a3928ea9eefed052fe6d1f03c_JaffaCakes118
Size

333KB
MD5

fce8860a3928ea9eefed052fe6d1f03c
SHA1

34f5606940c4b4457d9c5d793e78da79c624564c
SHA256

8deddaf5f10822aca9dd20a8b0b8debfc905a2dc0076d96b7dc59d2f5389018b
SHA512

08816edded8fe050fff628aec393955e25fc58e41c632f488dc9920395d3c1073c5ba52c3184ff94862a9b4d84e57b73ec0279f1d7d843ee88c808469793d307
SSDEEP

6144:M+pjQNhicz4qZoyF8tiKASXCKH6oIDj/xnraL9+vDuphm97RKZCD7RrFJkEDqtYl:TpjQNQqZdUiKfXcoI1aLkvMmdWe7moqi

Score

1^/10

Malware Config

Signatures

Files

fce8860a3928ea9eefed052fe6d1f03c_JaffaCakes118
.zip
UBaglan.exe
.exe windows:5 windows x86 arch:x86

debe7fd7515e444a66ca78218a21e422

Code Sign

4f:39:c0:be:0a:0a:51:86:48:cf:06:ca:8c:64:0b:13
Certificate

Issuer

CN=BNM-BILGISAYAR

Not Before

07/07/2019, 14:14

Not After

07/08/2024, 14:14

Subject

CN=BNM-BILGISAYAR

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:53:ae:c5:09:1e:0b:fe:37:96:08:26:b3:45:20:2e:2f:57:82:59
Signer

Actual PE Digest

b7:53:ae:c5:09:1e:0b:fe:37:96:08:26:b3:45:20:2e:2f:57:82:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getpeername
WSAIoctl
connect
bind
listen
socket
WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
setsockopt
closesocket
select
__WSAFDIsSet
accept
ioctlsocket
recv
send
WSAGetLastError
WSAStartup
WSACleanup

gdi32

GetObjectA
GetBitmapBits
ExtTextOutA
SelectClipRgn
CreateRectRgn
StretchBlt
SetStretchBltMode
GetDIBits
CreateCompatibleBitmap
RealizePalette
SelectPalette
CreatePalette
GetSystemPaletteEntries
GdiFlush
CombineRgn
CreateRectRgnIndirect
GetRegionData
BitBlt
SetBkMode
DeleteObject
CreateFontIndirectA
DPtoLP
GetDeviceCaps
DeleteDC
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
ExtTextOutW
SetTextColor
SetBrushOrgEx
TextOutW
CreateFontA
CreateSolidBrush
GetStockObject
SetBkColor
SetTextAlign
CreatePatternBrush
SetBitmapBits
CreateDIBitmap
CreateDIBSection

user32

VkKeyScanExA
FindWindowA
GetMenuItemInfoW
EnableWindow
OpenDesktopA
GetSystemMenu
LoadIconA
SwitchToThisWindow
FindWindowW
MessageBoxA
ReleaseDC
GetDC
DestroyIcon
DrawIconEx
LoadImageA
MapVirtualKeyA
SendMessageTimeoutA
SystemParametersInfoW
IsWindowVisible
IntersectRect
EqualRect
RegisterClassExA
GetIconInfo
GetCursorInfo
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetUserObjectInformationA
GetThreadDesktop
EmptyClipboard
SetClipboardData
GetDesktopWindow
PeekMessageA
MsgWaitForMultipleObjects
mouse_event
keybd_event
GetKeyboardState
ToAsciiEx
LoadKeyboardLayoutA
DestroyAcceleratorTable
TranslateAcceleratorA
CreateAcceleratorTableA
DestroyCursor
MessageBeep
GetAsyncKeyState
MoveWindow
RegisterClassExW
ReleaseCapture
SetCapture
wsprintfW
SetCursorPos
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
GetSysColorBrush
SetClipboardViewer
GetWindow
ChangeClipboardChain
WindowFromPoint
AdjustWindowRectEx
GetWindowPlacement
SetWindowPlacement
GetWindowLongW
GetMenuState
ShowScrollBar
IsIconic
ScrollWindowEx
SetScrollInfo
SetClassLongW
EnumWindows
GetClassNameA
GetWindowTextA
SetWindowTextA
KillTimer
SetRect
DrawTextA
DialogBoxParamA
EndDialog
CallWindowProcW
CallWindowProcA
IsWindowUnicode
DefWindowProcA
CheckMenuItem
RedrawWindow
InvalidateRect
SendMessageW
DrawStateA
DrawEdge
GetClientRect
CreateWindowExA
IsWindow
GetParent
DestroyWindow
SetWindowLongA
GetWindowLongA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
SetCursor
SetTimer
PostThreadMessageA
BeginPaint
EndPaint
PostMessageA
GetKeyState
SetDlgItemTextW
GetDlgItem
SetForegroundWindow
SetFocus
DefWindowProcW
GetFocus
PostQuitMessage
GetMenuItemInfoA
SetMenuItemInfoA
SystemParametersInfoA
SetWindowTextW
GetMenu
GetSubMenu
CreatePopupMenu
AppendMenuA
GetCursorPos
TrackPopupMenu
DrawMenuBar
GetSysColor
GetSystemMetrics
MessageBoxW
LoadCursorA
RegisterClassW
LoadMenuA
CreateWindowExW
SetWindowLongW
SetWindowPos
UpdateWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
GetWindowRect
ScreenToClient
SendMessageA
SetMenuItemInfoW
GetMenuItemID
EnableMenuItem
GetMenuItemCount
ShowWindow

shell32

ShellExecuteW
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteExW

iphlpapi

GetAdaptersInfo

userenv

UnloadUserProfile
LoadUserProfileA

comctl32

ImageList_Destroy
ImageList_Draw
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
CreateToolbarEx
ImageList_GetIconSize
ord17
ImageList_ReplaceIcon
ImageList_Create

advapi32

DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
SetServiceStatus
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetFileSecurityW
FreeSid
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
ControlService
StartServiceA
CreateServiceW
RegCloseKey
RegOpenKeyExA

secur32

InitializeSecurityContextA
CompleteAuthToken
FreeCredentialsHandle
QuerySecurityPackageInfoA
AcquireCredentialsHandleA
FreeContextBuffer

wininet

HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetSetOptionA

kernel32

RaiseException
RtlUnwind
ResumeThread
TlsAlloc
GetCurrentThread
TlsSetValue
SetThreadPriority
TlsGetValue
CreateSemaphoreA
DuplicateHandle
FindResourceA
GetCurrentDirectoryA
IsBadReadPtr
lstrcpyA
LocalFileTimeToFileTime
lstrcmpA
GlobalFree
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
ProcessIdToSessionId
SleepEx
SetFileAttributesW
RemoveDirectoryW
GetLogicalDrives
FindNextFileW
GetDriveTypeW
GlobalAlloc
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CompareFileTime
GlobalLock
GlobalUnlock
HeapFree
InterlockedIncrement
lstrlenA
InterlockedDecrement
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
FindResourceExA
SizeofResource
LoadResource
LockResource
GetLocalTime
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFileTime
GetFileTime
OpenMutexA
CreateMutexA
ResetEvent
SetEvent
OpenEventA
CreateEventA
SetUnhandledExceptionFilter
ExitProcess
EncodePointer
GetSystemTimeAsFileTime
GetSystemDirectoryW
lstrcatW
LoadLibraryW
WaitNamedPipeW
ReadFile
SetLastError
GetExitCodeProcess
BeginUpdateResourceW
EndUpdateResourceW
UpdateResourceA
TerminateProcess
OpenProcess
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
Process32Next
FreeLibrary
CreateThread
GetFileSize
SetFilePointer
WriteFile
WaitForSingleObject
GetStartupInfoW
CreateProcessW
MulDiv
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetComputerNameA
GetTickCount
LocalAlloc
SystemTimeToFileTime
MoveFileW
DeleteFileW
GetTempPathW
CreateFileW
FindFirstFileW
FindClose
GetUserDefaultUILanguage
GetModuleHandleA
GetProcAddress
GetLocaleInfoA
GetCurrentThreadId
SetProcessShutdownParameters
GetVersionExA
GetCurrentProcessId
Sleep
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentProcess
GetLastError
CloseHandle
LocalFree
ExitThread
HeapReAlloc
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetCommandLineA
HeapSetInformation
GetModuleHandleW
TlsFree
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
GetSystemDirectoryA
DecodePointer
IsValidCodePage
HeapSize
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetStringTypeW
TryEnterCriticalSection
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
CompareStringW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetProcessHeap
GetTimeZoneInformation
SetEnvironmentVariableA
ExpandEnvironmentStringsA
lstrlenW

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

debe7fd7515e444a66ca78218a21e422

Code Sign

4f:39:c0:be:0a:0a:51:86:48:cf:06:ca:8c:64:0b:13Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

b7:53:ae:c5:09:1e:0b:fe:37:96:08:26:b3:45:20:2e:2f:57:82:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

gdi32

user32

shell32

iphlpapi

userenv

comctl32

advapi32

secur32

wininet

kernel32

Sections

.text Size: 475KB - Virtual size: 475KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 24KB - Virtual size: 54KB

.rsrc Size: 31KB - Virtual size: 30KB

4f:39:c0:be:0a:0a:51:86:48:cf:06:ca:8c:64:0b:13
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

b7:53:ae:c5:09:1e:0b:fe:37:96:08:26:b3:45:20:2e:2f:57:82:59
Signer

.text
Size: 475KB - Virtual size: 475KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 24KB - Virtual size: 54KB

.rsrc
Size: 31KB - Virtual size: 30KB